As chatbots become increasingly popular the world over, scammers are devising ways to sneak in their malicious advertising content, according to the latest reports. Recently, Microsoft’s AI chatbot, Bing Chat, has become a target for malicious ads.
Microsoft debuted its AI chatbot, Bing Chat, in February this year. The tech firm first started testing ads in the service in March on its ChatGPT-4-powered chatbot. It is not surprising that Microsoft allowed ads in Bing Chat since tech firms derive significant revenue from advertising.
Huge market for scammers
Chatbot statistics by Tidio show that an estimated 1.5 billion people use chatbots, with the largest volumes recorded in the US, India, Germany, the UK, and Brazil. Chatbots also increase website conversations by 100%, according to Leadoo.
For Microsoft, six months after the chatbot was released to the public, the tech giant celebrated user engagement with over a billion chats.
With such a huge number of people using chatbots, AI tools can also become fertile ground for fraudsters.
According to a report by Malwarebytes Labs, scammers can insert their ads into chat conversations, like Bing chats. This can be done in various ways, according to the report; for instance, when one hovers over a link, an ad is shown first before the organic result.
The report cited an example where Bing Chat produced an advertisement after a user asked the bot for details on where to download a program known as an IP scanner. While the ad appears genuine, it takes the user to a phishing site, which serves malware.
Interestingly, the site can filter traffic, according to SiliconANGLE, before “separating real victims from bots, sandboxes, and security researchers.”
This, the article adds, is done by checking details like a user’s IP address and time zone. It also checks the user’s other system settings, for instance, web rendering, which identifies machines. After the checks, it directs humans to a fake site that mimics the official site; others are directed to a decoy page.
Researchers at Malwarebytes have shown other examples of malicious ads that appear on Bing Chat that redirect users to malicious websites.
According to the researchers, in another example, a search for a legitimate Australian business delivered two such ads. These targeted network administrators, while the others targeted lawyers.
Source of the material
Although the Malwarebytes report does not cover where these malicious ads come from or how they are coming into Bing Chat, the bottom line is that they are finding their way into chats. However, there is a possibility that they are coming in through advertising on Bing search results.
“Malicious ads have been a problem for decades,” KnowBe4 Inc. data-driven defense evangelist Roger Grimes told SiliconANGLE.
“This is just a current example of them being used in AI-related tools.”
Grimes added that these malicious ads and the legitimacy they have with viewers present good opportunities for exploitation. Because of this, he said, users also need to be trained to have a better understanding of internet ads, including how to spot them and know that they can’t be trusted.
“Until content filtering tools are better at detecting and preventing them, education is really the only way to fight them.”